Tehama Room Directory Service allows time-saving group policy management

Danielle Morley

Many customers come to us with an urgent need to get remote teams up and running, with no time to spare. Tehama was custom built for remote work and includes everything you need to rapidly onboard, manage, and scale remote teams with ease of use—there's no need for additional tooling to configure, or costly add ons to meet security or audit requirements.   And now, we’ve gone one step better with our most recent product release: The Tehama Room Directory Service, which enables time-saving centralized management and dynamic updates of key user experience and security settings on virtual desktops within a Tehama Room.

Tehama Rooms are isolated containers with secure perimeters that provide a common set of tools and services. Essentially an extension of a public or private network, Rooms facilitate secure and compliant remote work through several tools and services including virtual Windows or Linux desktops, a Secrets Vault, a File Vault, and precision auditing tools.

What is the Tehama Room Directory Service?

The Tehama Room Directory Service is a directory service scoped to a specific Tehama Room, allowing an administrator or manager within a Room to modify Group Policy. Group Policy applies important settings to resources in a domain, such as users and desktops, allowing admins to configure hundreds of potential settings, ranging from security and compliance to the desktop user experience. 

With the new Tehama Room Directory Service, Tehama offers the following improvements:

  • Centralized management. When an administrator configures Group Policy setting once, that setting is automatically inherited and enforced on every desktop in the Room. This makes it faster and easier to create a consistent and secure setup across large numbers of desktops. 
  • Dynamic Updates. When a critical setting needs to change, an administrator can make a single update, and that update is automatically adopted on every existing desktop in the Room.  There is no need to make manual changes or re-image desktops. 

What are the benefits and typical use cases?

This built-in capability allows enterprises to manage and deploy large numbers of desktops at scale within Tehama even faster than before. Plus, the new directory service doesn’t require integrations with existing directories or tool configurations. Other benefits include: 

  • No risk or lengthy integration approval process: While directory integrations can be viewed as risky and can potentially expose directories to golden ticket attacks, the isolated Tehama Room Directory Service eliminates that risk. There’s also no lengthy approval process required to spin up desktops for temporary projects, because these can be centrally managed without having to join an existing domain.
  • No additional tooling: Organizations not yet leveraging  AD, or who can’t get approval to integrate with their directory service can centrally manage desktops within Tehama with no additional tooling required.
  • No IT tickets: Modifications to Group Policy typically require internal IT tickets and a complicated change management process, since these updates often affect large numbers of users in a domain. But Tehama’s new service allows admins to set up or tweak Group Policy settings in an isolated Room-based environment, only affecting the users of that Room.

Tehama’s new Room Directory Service is designed to handle several different use cases. Enterprises requiring remote, bring-your-own-device (BYOD) work, for example, can easily roll out a consistent and secure out-of-the-box experience without having to provide desktops for new or temporary remote/BYOD employees. 

IT buyers onboarding contractors or managed service providers, as well, will benefit: Instead of shipping laptops or allowing third parties to work on unmanaged devices, managers who require third-party access to their network and/or resources can use the Room Directory Service as a centralized desktop management tool. This means key security policies on contractor devices can be managed and enforced without having to add these users to the enterprise’s domain.

Group Policy settings available within Tehama’s Room Directory Service can help provide a consistent user experience for both remote and in-office workers alike, while also locking down and enforcing key security settings.  A number of key policies are built-in to support a speedy desktop deployment, including options to:

  • Configure desktop backgrounds with company branding for an out-of-the-box user experience equivalent to a company-owned desktop
  • Change rules and user experience settings around Windows updates (including how users are notified, if they must reboot right away, or even repointing desktops to receive updates from a customer-controlled Windows Server Update Services (WSUS) server – which can then control which updates are available and when they occur)
  • Enforce critical security settings such as USB redirection and internet proxy settings
  • Control which applications can be installed to ensure only company-approved applications are used
  • Restrict the use of personal MS Office accounts to ensure that desktop data cannot be backed up to a personal OneDrive account
  • Apply a payment card industry (PCI)-compliant suite of settings for customers whose end users handle sensitive credit card or financial data
  • As well as options to import your own Group Policy settings by copying your existing domain’s settings, or create policies unique to your Tehama environment 

The Room Directory Service also allows the management of Windows logon and logoff scripts, which can be used to automate actions on each desktop in the Room when a user logs on or off (such as automating the installation of an application available on a mapped drive, for example). 

Contact us today to learn more about the new Tehama Room Directory Service, and what it can do for your enterprise.


More Posts

Subscribe Here!